
Fix: prevent silent password overwrite on contact/domain update #264

Merged
ehsan-fj merged 2 commits into InternetNZ:develop from yuriverweij:fix/password-silently-overwritten
Mar 10, 2026

@yuriverweij
Contributor

Fix: prevent silent password overwrite on contact/domain update

Problem

When calling Contact.update() or Domain.update() without supplying a
password, the existing registry password was silently overwritten with a
randomly generated one.

Root cause: base_command._prepare_command auto-generated a 16-character
password for any command template that contained the word password — which
includes update templates even after the conditional {% if password %} fix
in fe0175d. The auto-generated password satisfied the Jinja condition, causing
the <authInfo> block to be included in the XML and the password to be
overwritten on the EPP server.

Solution

Moved password auto-generation out of base_command._prepare_command and into
the specific create() methods that actually require it:

  • base_command._prepare_command — removed auto-generation logic and the
    now-unused helper import
  • contact.create() — explicitly generates a password when none is
    provided
  • domain.create() — explicitly generates a password when none is
    provided

Update operations no longer touch the password unless one is explicitly
supplied by the caller.

Tests

  • Replaced the old test_prepare_command_password (which asserted
    auto-generation) with two new tests that assert:
    • no password is injected when none is supplied
    • an explicitly supplied password passes through correctly
  • Added test_create_generates_password_when_not_supplied and
    test_update_does_not_generate_password_when_not_supplied for both
    Contact and Domain
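
A minimal model of the bug and the fix described in the pull request above, added here as an illustration and not taken from the project's code. Plain Python stands in for the Jinja templates, and every name in it (`TEMPLATES`, `render`, `prepare_before_fix`, `prepare_after_fix`, `create_after_fix`) is hypothetical.

```python
import secrets
import string

# Hypothetical stand-ins for the command templates. In render(), the check
# `if pw` plays the role of the template's {% if password %} condition.
TEMPLATES = {
    "create": "<create><id>{id}</id>{auth}</create>",
    "update": "<update><id>{id}</id>{auth}</update>",
}
# Assumption: models "any template that contains the word password".
MENTIONS_PASSWORD = {"create", "update"}


def generate_password(length=16):
    """Random alphanumeric password from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def render(name, params):
    """Emit <authInfo> only when a truthy password is present."""
    pw = params.get("password")
    auth = f"<authInfo><pw>{pw}</pw></authInfo>" if pw else ""
    return TEMPLATES[name].format(id=params["id"], auth=auth)


def prepare_before_fix(name, params):
    """Shared prepare step that fills in a password for every template
    mentioning one, so the conditional in render() is always satisfied."""
    params = dict(params)
    if name in MENTIONS_PASSWORD and not params.get("password"):
        params["password"] = generate_password()
    return render(name, params)


def prepare_after_fix(name, params):
    """Shared prepare step no longer touches the password."""
    return render(name, dict(params))


def create_after_fix(params):
    """Only the create path generates a password when none is supplied."""
    params = dict(params)
    if not params.get("password"):
        params["password"] = generate_password()
    return prepare_after_fix("create", params)
```
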

yuriverweij and others added 2 commits March 9, 2026 10:45
Only include the password in Contact Update when supplying a password. To prevent silently overwriting the password.
…d domain creation; update tests accordingly
@ehsan-fj ehsan-fj self-requested a review March 9, 2026 20:39
Member

@ehsan-fj ehsan-fj left a comment

Thanks for your PR.

@ehsan-fj ehsan-fj merged commit 8abe789 into InternetNZ:develop Mar 10, 2026
1 check passed